A SharePoint Server 2007 Shared Service Provider administration site using a host header never authenticates users when opened from the server’s console. To solve this, create the DWORD DisableLoopbackCheck under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and set it to the value 1. After that, reboot the comuter.
Note: the problem only occurs when opening the website on the console of the server, not from a client. Disabling the loopback check should be OK for lab and acceptance scenarios, but on production systems, I’d leave it enabled.
Users experience authentication issues when they access a Web page in IIS 6.0 or query Microsoft SQL Server 2000 after you install Windows Server 2003 Service Pack 1 ( http://support.microsoft.com/kb/887993 )